Strong-arm tactics can also be counterproductive, by giving the user further reason to defeat or remove
the DRM software.
12
The software is more likely to remain on the user's system if it does not behave
annoyingly. Trying to force updates can reduce the DRM system's efficacy if it convinces users to remove
the DRM altogether.
Users will tend to be suspicious of software updates in any case. From the user's standpoint, every
software update is a security risk, which could carry hostile or buggy code onto the user's system. Users
will worry that the update adds a security hole or backdoor into the vendor's software, or that the encryption
key that the vendor uses to sign updates has been compromised. Careful users try to minimize the amount
of new software coming onto their systems, and so they will tend to resist software updates, especially
mandatory ones.
Given the problems with forced updates, and the user backlash they likely would have triggered, we are
not surprised that neither XCP nor MediaMax tried to force updates.
10
Conclusion
Our analysis of Sony-BMG's CD DRM carries wider lessons for content companies, DRM vendors, policy-
makers, end users, and the security community. We draw six main conclusions.
First, the design of DRM systems is driven strongly by the incentives of the content distributor and the
DRM vendor, but these incentives are not always aligned. Where they differ, the DRM design will not
necessarily serve the interests of copyright owners, not to mention artists.
Second, DRM, even if backed by a major content distributor, can expose users to significant security
and privacy risks. Incentives for aggressive platform building drive vendors toward spyware tactics that
exacerbate these risks.
Third, there can be an inverse relation between the efficacy of DRM and the user's ability to defend the
computer from unrelated security and privacy risks. The user's best defense is rooted in understanding and
controlling which software is installed on the computer, but many DRM systems rely on undermining the
user's understanding and control.
Fourth, CD DRM systems are mostly ineffective at controlling uses of content. Major increases in
complexity have not increased their effectiveness over that of early schemes, and may in fact have made
things worse by creating more avenues for attack. We think it unlikely that future CD DRM systems will do
better.
Fifth, the design of DRM systems is only weakly connected to the contours of copyright law. The
systems make no pretense of enforcing copyright law as written, but instead seek to enforce rules dictated
by the label's and vendor's business models. These rules, and the technologies that try to enforce them,
implicate other public policy concerns, such as privacy and security.
Finally, the stakes are high. Bad DRM design choices can seriously harm users, create major liability
for copyright owners and DRM vendors, and ultimately reduce artists' incentive to create.
Acknowledgments
We are grateful for the expert legal advice of Deirdre Mulligan and her colleagues at U.C. Berkeley: Aaron
Perzanowski, Sara Adibisedeh, Azra Medjedovic, Brian W. Carver, Jack Lerner, and Joseph Lorenzo Hall.
We are also grateful to Clayton Marsh at Princeton. Sadly, research of this type does seem to require support
from a team of lawyers.
12
Users could also mislead the DRM software about the date and time, but most users with the inclination to do that would
probably just remove the DRM software altogether.
25